1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
Return-Path: <sergio.d.lerner@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
[172.17.192.35])
by mail.linuxfoundation.org (Postfix) with ESMTPS id 76C4ACC6
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Feb 2016 23:07:21 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-ig0-f179.google.com (mail-ig0-f179.google.com
[209.85.213.179])
by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 65E3CE5
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Feb 2016 23:07:20 +0000 (UTC)
Received: by mail-ig0-f179.google.com with SMTP id z8so45560010ige.0
for <bitcoin-dev@lists.linuxfoundation.org>;
Fri, 26 Feb 2016 15:07:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:from:date:message-id:subject:to
:cc; bh=2FwcvntuvneZAzlAL6gvtrO7L5xDmnZ8iPD7tcqS6I4=;
b=TnYUczZA18cmvP1JyvJ6OqzlvCvh9kZrzce7quD2qPnpRBN0IA2pfbMzWEhJQhv86o
Lyu6fba3f5j3+f07Ob+8dr9t+j6n8oKmeVENlSGrHP2D7zUOiA8MwOFE/ih0Xa8THbPG
jesOq+vXbJjE788xGQw2+5BOLmwg3rJ6rgh05R3SNvn7IjQPiWwPFlty5gbrJPvcN+Qu
E4yzpzjN3+NA0PLlew0OHAc7bX2Zs01cWCoWsVSQz1iM5KCJWVdz6q6um1hALFBAgnCj
0tUGf8mhSntxO+VZIovpwaJ1Ee1vK4RTwAtcedPgsAR9V0Miorhn578gH1UaVkxpTft3
xyKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:in-reply-to:references:from:date
:message-id:subject:to:cc;
bh=2FwcvntuvneZAzlAL6gvtrO7L5xDmnZ8iPD7tcqS6I4=;
b=k7nHzqpI5obkA9BxC13QkyAzGxsRhONfD+x0zTCFnwIyT43H+YR2FZNWf4qTtdSLKL
2r9GQ/mmEUFZJ8ohRYboWcuowngMxdBgbOj6I67E+OPljqqoDesEAyjBMLLta3v/Cx/Z
B4adR9wb8qpe4i8sGAirp01xaIPSsRuTu9Mx4cqMQmwbnqwgHseHJl6doYyQWoLyvXIL
t/eeHtuFoZaUrpnnfO5xpbBunL3Bt1sVpLG9VDJjSUMLbuB2SgsKO44a2fVbtUNMDx78
PB7iGKV3PkIFi95edngBVvLu19eD5KMZgAWOMgOakE9HD6iCC/gDl4k11AkZZSSvFXcC
DWAQ==
X-Gm-Message-State: AD7BkJLKjcE9IcRaSe79JFSvGd4Oxk+4TQgd8whxZ5ysI4wvhQq6eWimzXKCxz89tH2oUeOeEahgxIkwB6quRg==
X-Received: by 10.50.29.48 with SMTP id g16mr425934igh.4.1456528039781; Fri,
26 Feb 2016 15:07:19 -0800 (PST)
MIME-Version: 1.0
Received: by 10.107.12.216 with HTTP; Fri, 26 Feb 2016 15:06:40 -0800 (PST)
In-Reply-To: <CAAS2fgRtxpg55XaM2qpgevtfdhvtnakdKhY2WgpGXgsZqVm=Gg@mail.gmail.com>
References: <CAAS2fgRtxpg55XaM2qpgevtfdhvtnakdKhY2WgpGXgsZqVm=Gg@mail.gmail.com>
From: Sergio Demian Lerner <sergio.d.lerner@gmail.com>
Date: Fri, 26 Feb 2016 20:06:40 -0300
Message-ID: <CAKzdR-rp0Bqkj3PLWHx4etHejy2C997M3fGJy702jPdVThxPZg@mail.gmail.com>
To: Gregory Maxwell <greg@xiph.org>
Content-Type: multipart/alternative; boundary=047d7bd756306aac23052cb45ce4
X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW
autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
smtp1.linux-foundation.org
X-Mailman-Approved-At: Fri, 26 Feb 2016 23:16:06 +0000
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] The first successful Zero-Knowledge Contingent
Payment
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Development Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2016 23:07:21 -0000
--047d7bd756306aac23052cb45ce4
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Congratulations!
It a property of the SKCP system that the person who performed the trusted
setup cannot extract any information from a proof?
In other words, is it proven hard to obtain information from a proof by the
buyer?
On Fri, Feb 26, 2016 at 6:42 PM, Gregory Maxwell via bitcoin-dev <
bitcoin-dev@lists.linuxfoundation.org> wrote:
> I am happy to announce the first successful Zero-Knowledge Contingent
> Payment (ZKCP) on the Bitcoin network.
>
> ZKCP is a transaction protocol that allows a buyer to purchase
> information from a seller using Bitcoin in a manner which is private,
> scalable, secure, and which doesn=E2=80=99t require trusting anyone: the
> expected information is transferred if and only if the payment is
> made. The buyer and seller do not need to trust each other or depend
> on arbitration by a third party.
>
> Imagine a movie-style =E2=80=9Cbriefcase swap=E2=80=9D (one party with a =
briefcase
> full of cash, another containing secret documents), but without the
> potential scenario of one of the cases being filled with shredded
> newspaper and the resulting exciting chase scene.
>
> An example application would be the owners of a particular make of
> e-book reader cooperating to purchase the DRM master keys from a
> failing manufacturer, so that they could load their own documents on
> their readers after the vendor=E2=80=99s servers go offline. This type of=
sale
> is inherently irreversible, potentially crosses multiple
> jurisdictions, and involves parties whose financial stability is
> uncertain=E2=80=93meaning that both parties either take a great deal of r=
isk
> or have to make difficult arrangement. Using a ZKCP avoids the
> significant transactional costs involved in a sale which can otherwise
> easily go wrong.
>
> In today=E2=80=99s transaction I purchased a solution to a 16x16 Sudoku p=
uzzle
> for 0.10 BTC from Sean Bowe, a member of the Zcash team, as part of a
> demonstration performed live at Financial Cryptography 2016 in
> Barbados. I played my part in the transaction remotely from
> California.
>
> The transfer involved two transactions:
>
> 8e5df5f792ac4e98cca87f10aba7947337684a5a0a7333ab897fb9c9d616ba9e
> 200554139d1e3fe6e499f6ffb0b6e01e706eb8c897293a7f6a26d25e39623fae
>
> Almost all of the engineering work behind this ZKCP implementation was
> done by Sean Bowe, with support from Pieter Wuille, myself, and Madars
> Virza.
>
>
> Read more, including technical details at
>
> https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-=
announcement/
>
> [I hope to have a ZKCP sudoku buying faucet up shortly. :) ]
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev
>
--047d7bd756306aac23052cb45ce4
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><div><div><div>Congratulations!<br></div></div><br>It a pr=
operty of the SKCP system that the person who performed the trusted setup c=
annot extract any information from a proof?<br><br></div>In other words, is=
it proven hard to obtain information from a proof by the buyer? <br></div>=
<div class=3D"gmail_extra"><br><div class=3D"gmail_quote">On Fri, Feb 26, 2=
016 at 6:42 PM, Gregory Maxwell via bitcoin-dev <span dir=3D"ltr"><<a hr=
ef=3D"mailto:bitcoin-dev@lists.linuxfoundation.org" target=3D"_blank">bitco=
in-dev@lists.linuxfoundation.org</a>></span> wrote:<br><blockquote class=
=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padd=
ing-left:1ex">I am happy to announce the first successful Zero-Knowledge Co=
ntingent<br>
Payment (ZKCP) on the Bitcoin network.<br>
<br>
ZKCP is a transaction protocol that allows a buyer to purchase<br>
information from a seller using Bitcoin in a manner which is private,<br>
scalable, secure, and which doesn=E2=80=99t require trusting anyone: the<br=
>
expected information is transferred if and only if the payment is<br>
made. The buyer and seller do not need to trust each other or depend<br>
on arbitration by a third party.<br>
<br>
Imagine a movie-style =E2=80=9Cbriefcase swap=E2=80=9D (one party with a br=
iefcase<br>
full of cash, another containing secret documents), but without the<br>
potential scenario of one of the cases being filled with shredded<br>
newspaper and the resulting exciting chase scene.<br>
<br>
An example application would be the owners of a particular make of<br>
e-book reader cooperating to purchase the DRM master keys from a<br>
failing manufacturer, so that they could load their own documents on<br>
their readers after the vendor=E2=80=99s servers go offline. This type of s=
ale<br>
is inherently irreversible, potentially crosses multiple<br>
jurisdictions, and involves parties whose financial stability is<br>
uncertain=E2=80=93meaning that both parties either take a great deal of ris=
k<br>
or have to make difficult arrangement. Using a ZKCP avoids the<br>
significant transactional costs involved in a sale which can otherwise<br>
easily go wrong.<br>
<br>
In today=E2=80=99s transaction I purchased a solution to a 16x16 Sudoku puz=
zle<br>
for 0.10 BTC from Sean Bowe, a member of the Zcash team, as part of a<br>
demonstration performed live at Financial Cryptography 2016 in<br>
Barbados. I played my part in the transaction remotely from<br>
California.<br>
<br>
The transfer involved two transactions:<br>
<br>
8e5df5f792ac4e98cca87f10aba7947337684a5a0a7333ab897fb9c9d616ba9e<br>
200554139d1e3fe6e499f6ffb0b6e01e706eb8c897293a7f6a26d25e39623fae<br>
<br>
Almost all of the engineering work behind this ZKCP implementation was<br>
done by Sean Bowe, with support from Pieter Wuille, myself, and Madars<br>
Virza.<br>
<br>
<br>
Read more, including technical details at<br>
<a href=3D"https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-=
payments-announcement/" rel=3D"noreferrer" target=3D"_blank">https://bitcoi=
ncore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/</a=
><br>
<br>
[I hope to have a ZKCP sudoku buying faucet up shortly. :) ]<br>
_______________________________________________<br>
bitcoin-dev mailing list<br>
<a href=3D"mailto:bitcoin-dev@lists.linuxfoundation.org">bitcoin-dev@lists.=
linuxfoundation.org</a><br>
<a href=3D"https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev" =
rel=3D"noreferrer" target=3D"_blank">https://lists.linuxfoundation.org/mail=
man/listinfo/bitcoin-dev</a><br>
</blockquote></div><br></div>
--047d7bd756306aac23052cb45ce4--
|
